You are on page 1of 53

ABSTRACT:

The rapid development of data transfer through internet has made it easier to send the data accurate and faster to the destination. There are many transmission media to transfer the data to destination like e-mails, social sites etc. At the same time it is may be easier to modify and misuse the valuable information through hacking. So, in order to transfer the data securely to the destination without any modifications, there are many approaches like cryptography and steganography. This project report deals with image steganography as well as with the different security issues, general overview of cryptography, steganography and digital watermarking approaches. Also it provides in-depth discussions of different steganographic algorithms like Least Significant Bit (LSB) algorithm, JSteg Hide & Seek and F5 algorithms. It also compares those algorithms in terms of speed, accuracy and security. It also offers a chance to put the theory into practice by way of a piece of software designed to maximise learning in the fields. This paper can therefore be split into two parts: Research and Software Development. The project is done using Microsoft Visual Basic 2008 on a computer running Windows Vista. .NET framework of 3 or higher is required for the software to execute.

TABLE OF CONTENTS:

i
ABSTRACT 1 INTRODUCTION 1.1 An overview of Internet Security.................1 1.2 Where Steganography & Cryptography fits in......................................................1 1.3 Literature Survey...................................................................................................2 1.3.1 Information Security.............................................................................2 1.3.2 Security Attacks....................................................................................2 1.3.3 Analysis of various Steganographic Algorithms..................................6 1.3.3.1 Steganography Methods..........................................................7 1.3.3.2 Steganography Algorithms......................................................8 1.3.4 Cryptographic Algorithms...................................................................14 1.4 Applications of our project................................................................................19 1.5 Proposed Solution Strategy...............................................................................19 i

2. SOFTWARE REQUIREMENT SPECIFICATION DOCUMENT (SRS)........................20

2.1Introduction.........................................................................................................20

2.1.1 Purpose....................................................................................................20 2.1.2 Definitions...............................................................................................20 2.2Overall Description..............................................................................................20 2.2.1Product Function......................................................................................20 2.2.2 User Characteristics.................................................................................20 2.2.3 Dependencies...........................................................................................20 2.3Functional Requirements......................................................................................21 2.3.1 Use Case Diagram....................................................................................21 2.3.2 Use Case Specification.............................................................................21 2.3.3 Performance Requirements.......................................................................21 2.4 Non Functional Requirements.............................................................................21 2.4.1 Performance..............................................................................................21 2.4.2 Reliability..................................................................................................21 2.4.3 Portability..................................................................................................21 2.5 Data Flow Diagrams............................................................................................21 2.5.1 Level 0 Data Flow Diagram......................................................................23 2.5.2 Level 1 Data Flow Diagram......................................................................24 2.5.3 Level 2 Data Flow Diagram......................................................................24 2.6 Activity Diagram.................................................................................................25

3. DESIGN STRATEGY.........................................................................................................27 3.1 Overview.............................................................................................................27 3.2 Intentions & Considerations................................................................................27 3.3 Development Tools.................................. ..........................................................27 3.4 Visual Basic.........................................................................................................28 3.5 Features of the proposed method........................................................................29

3.6 Interface Screenshots...........................................................................................30 3.6.1 The main interface.....................................................................................30 3.6.2 When file is clicked....................................................................................31 3.6.3 When Action is clicked...............................................................................32 3.6.4 When help is clicked...34 3.6.5 The encryption process................................................................................36 3.6.6 The decryption process...........................................................................,...39

4. TEST PLAN......................................................................................................................,...43 4.1 Introduction...........................................................................................................43 4.2 Aim of Testing.......................................................................................................43 4.3 Test Cases...............................................................................................................44 4.3.1 Start up Screen Display...............................................................................44 4.3.2 For Encryption.............................................................................................45 4.3.3 For Decryption.............................................................................................46

5. USER DOCUMENTATION................................................................................................47 5.1 Welcome to steganography....................................................................................47 5.1.1 What is Steganography: ...............................................................................47 5.2 Getting Started.......................................................................................................:47 5.2.1 Install / Uninstall Steganography..................................................................47 5.3 How to use the software.........................................................................................48 5.4 Menus for operating the software Hide Your Secret .........................................49

6. RESULTS AND CONCLUSION........................................................................................51 6.1 Result.....................................................................................................................51 6.2 Conclusion..............................................................................................................52 6.3 Future Work...........................................................................................................52 REFERENCE....ii APPENDIX A ...iii

1. INTRODUCTION
1.1 An overview of Internet Security
Since the rise of the Internet one of the most important factors of information technology and communication has been the security of information. Everyday tons of data are transferred through the Internet through e-mail, file sharing sites, social networking sites etc to name a few. As the number of Internet users rises, the concept of Internet security has also gain importance. The fiercely competitive nature of the computer industry forces web services to the market at a breakneck pace, leaving little or no time for audit of system security, while the tight labour market causes Internet project development to be staffed with less experienced personnel, who may have no training in security. This combination of market pressure, low unemployment, and rapid growth creates an environment rich in machines to be exploited, and malicious users to exploit those machines.

1.2 Where Steganography & Cryptography fits in


Cryptography was created as a technique for securing the secrecy of communication and many different methods have been developed to encrypt and decrypt data in order to keep the message secret. Unfortunately it is sometimes not enough to keep the contents of a message secret, it may also be necessary to keep the existence of the message secret. The technique used to implement this, is called steganography. The word "Steganography" is of Greek origin and means "covered or hidden writing". The main aim in steganography is to hide the very existence of the message in the cover medium. Steganography and cryptography are counter parts in digital security the obvious advantage of steganography over cryptography is that messages do not attract attention to themselves, to messengers, or to recipients. Also, the last decade has seen an exponential growth in the use of multimedia data over
Department of Information Technology (NEHU) Page | 1

the Internet. These include Digital Images, Audio and Video files. This rise of digital content on the internet has further accelerated the research effort devoted to steganography. The initial aim of this study was to investigate steganography and how it is implemented. Based on this work a number of common methods of steganography could then be implemented and evaluated. The strengths and weaknesses of the chosen methods can then be analysed. To provide a common frame of reference all of the steganography methods implemented and analysed used BMP images.

Department of Information Technology (NEHU)

Page | 2

To make a steganographic communication even more secure the message can be encrypted before being hidden in the carrier. Cryptography and steganography can be used together. The random looking message which would result from encryption would also be easier to hide than a message with a high degree of regularity. Therefore encryption is recommended in conjunction with steganography.

1.3 Literature Survey


1.3.1 Information Security
In general, security denotes the quality or state of being secure to be free from danger. Security is classified into different layers depending on the type of content intended to be secured: Physical security: Defines the required issues that are needed to protect the physical data or objects from unauthorized intrusion. Personal security: It is defined as the security of the individuals who are officially authorized to access information about the company and its operations Operational security: It mainly relies on the protection of the information of a particular operation of the chain of activities. Communications security: The communications security encompasses the security issues regarding the organisations communication media, technology and content. Network security: The network security is responsible for safeguarding the information regarding the networking components, connections and contents. Information security: Information security is the protection of information and the systems and hardware that use, store, and transmit that information. Information security can be defined as measures adopted to prevent the unauthorized use or modification of use of data or capabilities.

Department of Information Technology (NEHU)

Page | 3

1.3.2 Security Attacks


The data is transmitted from source to destination which is known as its normal flow as shown in figure 1. But the hackers might hack the network in order to access or modify the original data. These types of attacks are formally known as security attacks.

Figure 1. Normal Data Flow A hacker can disrupt this normal flow by implementing the different types of techniques over the data and network in following ways. They are:

Interruption: Interruption is an attack by which the hackers can interrupt the data before reaching the destination. This type of attack shows the effect on availability and usually destroys the system asset and makes the data unavailable or useless.

Department of Information Technology (NEHU)

Page | 4

Figure 2. Interruption

Interception: Interception is one of the well known attacks. When the network is shared that is through a local area network is connected to Wireless LAN or Ethernet it can receive a copy of packets intended for other device. On the internet, the determined hacker can gain access to email traffic and other data transfers. This type of attack shows the effect on confidentiality of data. Figure 3. Interception

Modification:

Department of Information Technology (NEHU)

Page | 5

This refers to altering or replacing of valid data that is needed to send to destination. This type of attacks is done usually by unauthorized access through tampering the data. It shows effect on the integrity of the data.

Figure 4. Modification

Fabrication: In this type, the unauthorized user places data without the interface of source code. The hacker or unauthorized person inserts the unauthorized objects by adding records to the file, insertion of spam messages etc. This type of attack affects on the Authenticity of message.

Figure 5. Fabrication

Department of Information Technology (NEHU)

Page | 6

There are many types of security attacks that will try to modify the original data. The main goal of any organisation / individual transmitting the data is to implement security measures which include 1. Prevention 2. Detection 3. Response 4. Recovery Prevention: The security attacks can be prevented by using an encryption algorithm to restrict any unauthorized access to the encryption keys. Then the attacks on confidentiality of the transmitted data will be prevented. Detection: Using the intrusion detection systems for detection of unauthorized individuals logged onto a system and making the resources available to legitimate users. Response: Whenever the unauthorised attacks happen in the system, the security mechanisms can detect the process and the system can respond to make the data unavailable. Recovery: Recovery is the final approach if an attacker modifies the data or makes the data unavailable. The data can then be recovered by using backup systems, so that the integrity of the data shall not be compromised.

1.3.3 Analysis of various Steganographic Algorithms


Now that we are aware of the various types of security vulnerabilities, the main task of our project is to address these problems by some suitable method. We have selected Steganography in our project as it is comparatively new and we felt that it can have huge impact in the field of security.

Department of Information Technology (NEHU)

Page | 7

Figure 6. Block Diagram for Steganography

Steganography supports different types of digital formats that are used for hiding the data. These files are known as carriers. Depending upon the redundancy of the object, suitable formats are used. Redundancy is the process of providing better accuracy for the object that is used for display by the bits of object. The main file formats that are used for steganography are Text, images, audio and video. We have implemented the text hiding in an image (BMP) in our project. For the purpose of developing a steganographic application we went through all the steganographic methods available and decided to select Secret key Steganography for our project. All the methods are described in details below. Also we made an analysis of all the Steganographic algorithms available and compared them in terms of speed, quality of hiding and security. A detailed analysis of all the algorithms that we have studied is presented below.
Department of Information Technology (NEHU) Page | 8

1.3.3.1 Steganography Methods


The different types of steganographic techniques available are: 1. Pure Steganography 2. Public key Steganography 3. Secret key Steganography Pure Steganography: Pure Steganography is the process of embedding the data into the object without using any private keys. This type of Steganography entirely depends upon the secrecy. This type of Steganography uses a cover image in which data is to be embedded, personal information to be transmitted, and encryption decryption algorithms to embed the message into image. These types of steganography cant provide the better security because it is easy for extracting the message if the unauthorised person knows the embedding method. It has one advantage that it reduces the difficulty in key sharing.

Figure 7. Pure Steganography process

Secret key Steganography: Secret key Steganography is another process of Steganography which uses the same procedure other than using secure keys. It uses the individual key for embedding the data into the object which is similar to symmetric key. For decryption it uses the same key which is used for encryption. This type of Steganography provides better security compared to pure Steganography. The main problem of using this type of steganographic system is sharing the secret key. If the attacker knows the key it will be easier to decrypt and access original information.

Department of Information Technology (NEHU)

Page | 9

Figure 8. Secret key Steganography Process

Public key Steganography: Public key Steganography uses two types of keys: one for encryption and another for decryption. The key used for encryption is a private key and for decryption, it is a public key and is stored in a public database

Figure 9. Public key Steganography Process

We have implemented the Secret Key Steganography technique in our project. The password shall be provided by the person who does the encryption and it has to be provided to decrypt the message from the image.

1.3.3.2 Steganography Algorithms


In our project we have done an in-depth analysis of three Steganographic algorithms in terms of speed of action, quality of hiding and security. We have also implemented all the algorithms in our application. The user has the option to use any algorithm he seems fit for his task. The details of these algorithms are given below followed by a comparison chart between the three.

LSB algorithm:
Department of Information Technology (NEHU) Page |10

LSB (Least Significant Bit) substitution is the process of adjusting the least significant bit pixels of the carrier image. It is a simple approach for embedding message into the image. The Least Significant Bit insertion varies according to number of bits in an image. For an 8 bit image, the least significant bit i.e., the 8th bit of each byte of the image is changed to the bit of secret message. For 24 bit image, the colours of each component like RGB (red, green and blue) are changed. LSB is effective in using BMP images since the compression in BMP is lossless. But for hiding the secret message inside an image of BMP file using LSB algorithm it requires a large image which is used as a cover. LSB substitution is also possible for GIF formats, but the problem with the GIF image is whenever the least significant bit is changed the whole colour palette will be changed. The problem can be avoided by only using the gray scale GIF images since the gray scale image contains 256 shades and the changes will be done gradually so that it will be very hard to detect. For JPEG, the direct substitution of steganographic techniques is not possible since it will use lossy compression. So it uses LSB substitution for embedding the data into images. There are many approaches available for hiding the data within an image: one of the simple least significant bit submission approaches is Optimum Pixel Adjustment Procedure. The simple steps for OPA explain the procedure of hiding the sample text in an image.

Step1: A few least significant bits (LSB) are substituted with in data to be hidden. Step2: The pixels are arranged in a manner of placing the hidden bits before the pixel of each cover image to minimize the errors. Step3: Let n LSBs be substituted in each pixel. Step4: Let d= decimal value of the pixel after the substitution. d1 = decimal value of last n bits of the pixel. d2 = decimal value of n bits hidden in that pixel. Step5: If (d1~d2)<=(2^n)/2 then no adjustment is made in that pixel.
Department of Information Technology (NEHU) Page |11

Else Step6: If(d1<d2) d = d 2^n. If(d1>d2) d = d + 2^n.

This d is converted to binary and written back to pixel. This method of substitution is simple and easy to retrieve the data and the image quality better so that it provides good security. The encoder algorithm is as given below: 1: for i = 1, ..., len(msg) do 2: 3: 4: 5: end if p = LSB(pixel of the image) if p != message bit then pixel of the image = message bit

6: end for The encoding process shows that the entire algorithm can be implemented by writing just a few lines of code. The algorithm works by taking the first pixel of the image and obtaining its LSB value (as per line 2 of the Algorithm). This is typically achieved by calculating the modulus 2 of the pixel value. This will return a 0 if the number is even, and a 1 if the number is odd, which effectively tells us the LSB value. We then compare this value with the message bit that we are trying to embed. If they are already the same, then we do nothing, but if they are different then we replace the pixel value with the message bit. This process continues whilst there are still values in the message that need to be encoded The decoder algorithm is: 1: for i = 1, ..., len(image string) do
Department of Information Technology (NEHU) Page |12

2:

message string = LSB (pixel string of the image)

3: end for The decoding phase is even simpler. As the encoder replaced the LSBs of the pixel values in c in sequence, we already know the order that should be used to retrieve the data. Therefore all we need to do is calculate the modulus 2 of all the pixel values in the stegogramme, and we are able to reconstruct m as m0 .The above Algorithm shows the pseudo code of the decoding process. Note that this time we run the loop for length of message instead of length of string. This is because the decoding process is completely separate from the encoding process and therefore has no means of knowing the length of the message. If a key were used, it would probably reveal this information, but instead we simply retrieve the LSB value of every pixel. When we convert this to ASCII, the message will be readable up to the point that the message was encoded, and will then appear as gibberish when we are reading the LSBs of the image data.

Hide & Seek: The randomised approach to the Hide & Seek algorithm makes it possible to scatter the locations of the pixels that are to be replaced with the message data. The core of the encoding process is identical to that of the LSB algorithm described above. In fact, the two methods only differ in terms of how the image data is presented before the embedding process starts. For the randomised approach the image data c is usually shuffled using a Pseudo Random Number Generator (PRNG). This generator will take the image data and produce a shuffled version C according to a seed k that is specified by the encoder. There will also be an inverse shuffle which takes C and returns the original order c when the same k is used. The pixel values of the image c are often shuffled before embedding such that the exact same encoding mechanism from above algorithm can be used. The values are then shuffled back to their original positions after embedding such that the image can be displayed properly for sending it across some communications channel to the recipient. A PRNG also has the advantage that it produces the same shuffle when the same data and the same seed are given back to it. This means that all we need is c and k
Department of Information Technology (NEHU) Page |13

at the decoding stage, and the same shuffle will be recreated so we can retrieve the message data successfully. The encoding algorithm below shows the pseudo code for the encoding process of the randomised Hide & Seek approach. Now we have line 1 that randomises the locations of each pixel before embedding the message data. In addition to this, we also have line 8 which returns the pixel locations back to normal when the embedding process has ended. The seed k acts as a key to the algorithm such that the same shuffle sequence can be generated when retrieving the hidden message. The output stegogramme s from this embedding approach will contain bits of the hidden message in seemingly random locations of the image. The encoding algorithm: 1: generate randomised sequence C using data c and seed k 2: for i = 1, ..., l(m) do 3: p == LSB(Ci) 4: if p != message bit then 5: ci == mi 6: end if 7: end for 8: generate original sequence c using data C and seed k Perhaps the most important aspect of note is that as we require k to identify the correct regions, the algorithm is much more secure than the sequential approach, as the sequence cannot be derived without it. The decoding algorithm: 1: generate randomised sequence S using data s and seed k 2: for i = 1, ..., l(s) do 3: mi == LSB(Si) 4: end for Sometimes, as a seed is already required to retrieve the message, the randomises approaches may go one step further and create a full key that also declares l(m). If this is the case, line 2 can be changed such that the loop runs for l(m) rather than l(s).

Department of Information Technology (NEHU)

Page |14

JSTEG algorithm: JSteg algorithm is one of the steganographic techniques for embedding data into JPEG images. The hiding process will be done by replacing Least Significant Bits (LSB). JSteg algorithm replaces LSBs of quantized Discrete Courier Transform (DCT) coefficients. In fact, the JSteg algorithm only differs from the Hide & Seek algorithm because it embeds the message data within the LSBs of the DCT coefficients of c, rather than its pixel values. Before the embedding process begins, the image is converted to the DCT domain in 8x8 blocks such that the values of ci switch from pixel values to DCT coefficients. In order for the values to be presented as whole numbers, each 8x8 block is quantised according to a Quantisation Table Q. The result is where the embedding algorithm operates. An example of an 8x8 DCT block is shown in Figure 10. In this process the hiding mechanism skips all coefficients with the values of 0 or 1. This algorithm is resistant to visual attacks and offers an admirable capacity for steganographic messages. It has high capacity and had a compression ratio of 12%. JSteg algorithm is restricted for visual attacks and it is less immune for statistical attacks. Normally, JSteg embeds only in BMP images. In these BMP images, the content of the image is transformed into frequency coefficients so as to achieve storage in a very compressed format. There is no visual attack in the sense presented here, due to the influence of one steganographic bit up to 256 pixels.

Department of Information Technology (NEHU)

Page |15

Figure 10. An example of an 8x8 sub-block of DCT coefficients.

We should also note the two types of coefficient that we see in every 8x8 block: DC, and AC. The value at the top left of each 8x8 block is known as the DC coefficient. It contains the mean value of all the other coefficients in the block, referred to as the AC coefficients. The DC coefficients are highly important to each block as they give a good estimate as to the level of detail in the block. Changing the value of the DC coefficient will also change many of the values of the AC coefficients, and this will create a visual discrepancy when the image is converted back to the spatial domain and viewed normally. For this reason, the JSteg algorithm does not embed message data over any of the DC coefficients for every block. In addition to this, the algorithm also does not permit embedding on any AC coefficient equal to 0 or 1. The encoding algorithm 1: convert image c to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(m) do 3: p == DCT(di)
Department of Information Technology (NEHU) Page |16

4: while p = DC or p = 0 or p = 1 do 5: p = next DCT coefficient from d 6: end while 7: pi == ci mod 2 + mi 8: ci == pi 9: end for 10: convert each 8x8 block back to spatial domain The above algorithm provides the pseudo code for the encoding process of the JSteg algorithm. Line 4 shows that the algorithm avoids embedding on the DC coefficients, and also any AC coefficient equal to 0 or 1. Line 8 shows an alternative method for calculating the LSB value of the coefficient by using mod 2. The result is replaced with the value in mi. Again, no key is used for this algorithm. So long as the decoder knows that the embedding took place in the DCT domain, it will be capable of extracting the message successfully. The security of the JSteg algorithm therefore lies in the algorithm itself. As we noted before, the main difficulty of not using a key is when we try to determine l(s) when extracting the message. Without a key, it is impossible to know the length of the message to extract, so the loop is typically run for the entire duration of the image to ensure that the entire message is extracted. This is certainly the case for the JSteg algorithm as we will see in the decoding process. The decoder algorithm 1: convert image s to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(s) do 3: p == DCT(di) 4: while p = DC or p = 0 or p = 1 do 5: p = next DCT coefficient from d 6: end while 7: mi == di mod 2 8: end for The decoding process functions by converting the stegogramme s to the DCT domain. It then avoids the same coefficient values that the encoding algorithm avoids, and retrieves the hidden message from the LSBs of all the other coefficients sequentially (line 7).
Department of Information Technology (NEHU) Page |17

The performance of the algorithms differs with the type of cover image or source on which the data is embedded. The comparison of these algorithms is tabulated below:

Steganographic algorithm LSB F5 JSteg

Speed

Quality of hiding

Security

High Low Moderate

Good High up to 13.4% Embedding capacity up to 12%

Medium Strong Less

1.3.4 Cryptographic Algorithms


The word cryptography is derived from two Greek words which mean secret writing. Cryptography is the process of scrambling the original text by rearranging and substituting the original text, arranging it in a seemingly unreadable format for others. Cryptography is an effective way to protect the information that is transmitting through the network communication paths. Cryptology is the science that deals about cryptography and cryptanalysis. Cryptography is the approach of sending the messages secretly and securely to the destination. Cryptanalysis is the method of obtaining the embedded messages into original texts. In general, cryptography is transferring data from source to destination by altering it through a secret code. The cryptosystems uses a plaintext as an input and generate a cipher text using encryption algorithm taking secret key as input.
Department of Information Technology (NEHU) Page |18

The important elements in cryptosystems are:

Plain text: The plain text is an original piece of information that is needed to send information to the destination. Encryption algorithm: This is the main key to any cryptographic system. This encryption algorithm subjects the plain text to various substitutions and transformations. Secret key: The secret key is given by the user which will act as an input to the encryption algorithm. Based on this key, various substitutions and transformations on the plain text will differ. Cipher text: This is the output generated by the encryption algorithm. The cipher text is the jumbled text. The cipher text differs with each and every secret key that has given to the encryption algorithm. Decryption algorithm: This is opposite to the encryption algorithm. It will acquire cipher text and secret key as an input and produce plain text as an output. We know that cryptography can be used in conjunction with steganography. As such we have used two cryptographic algorithms to use in our project. Both are symmetric key algorithms and the keys are fixed by us to reduce the simplicity of the project.

Department of Information Technology (NEHU)

Page |19

Figure 10. General model of cryptographic algorithm

In our application when the user enters the text to be hidden, it is passed through these encryption algorithms first and then it is passed through the Steganographic algorithm which the user selected. The encryption algorithms are used in the hope that even if someone uses Steganalysis and discovers the algorithm we are using to perform steganography, he will still not be able to gain anything since the message will be encrypted. We have developed two algorithms to be used with our project which are both simple and efficient. Also we have used the XOR method to combine the encrypted text with the encrypted password which is then embedded into the message. These algorithms together with the XOR method are described in details below.

Algorithm 1 This algorithm was written and coded by us specifically for this project. The main advantage of this algorithm is that it provides the encrypted text the same size as the clear text. The pseudo code of the algorithm is given below:

Department of Information Technology (NEHU)

Page |20

The encryption algorithm: Step 1: Generate the ASCII value of the letter Step 2: Generate the corresponding binary value of it. [Binary value should be 8 digits e.g. for decimal 32 binary number should be 00100000] Step 3: Reverse the 8 digits binary number Step 4: Take a 4 digits divisor (>=1000) as the Key Step 5: Divide the reversed number with the divisor Step 6: Store the remainder in first 3 digits & quotient in next 5 digits (remainder and quotient wouldnt be more than 3 digits and 5 digits long respectively. If any of these are less than 3 and 5 digits respectively we need to add required number of 0s (zeros) in the left hand side. So, this would be the cipertext i.e. encrypted text. Now store the remainder in first 3 digits & quotient in next 5 digits.

The decryption algorithm: Step 1: Multiply last 5 digits of the ciphertext by the Key Step 2: Add first 3 digits of the ciphertext with the result produced in the previous step

Department of Information Technology (NEHU)

Page |21

Step 3: If the result produced in the previous step i.e. step 2 is not an 8-bit number we need to make it an 8- bit number Step 4: Reverse the number to get the original text i.e. the plain text

Example showing the above algorithm in action Let, the character is T. Now according to the steps we will get the following: Step 1: ASCII of T is 84 in decimal. Step 2: The Binary value of 84 is 1010100. Since it is not an 8 bit binary number we need to make it 8 bit number as per the encryption algorithm. So it would be 01010100 Step 3: Reverse of this binary number would be 00101010 Step 4: Let 1000 as divisor i.e. Key Step 5: Divide 00101010 (dividend) by 1000(divisor) Step 6: The remainder would be 10 and the quotient would be 101. So as per the algorithm the ciphertext would be 01000101 which is ASCII 69 in decimal i.e. E 01000101

To decode:

Department of Information Technology (NEHU)

Page |22

Step 1: After multiplying 00101 (last 5 digits of the ciphertext) by 1000 (Key) the result would be 101000 Step 2: After adding 010 (first 3 digits of the ciphertext) with 101000 the result would be 101010 Step 3: Since 101010 is not an 8-bit number we need to make it 00101010 Step 4: After reversing the number it would be 01010100 i.e. ASCII 84 in decimal i.e. T as character which was the original text 01010100

Algorithm 2 Apart from the algorithm mentioned above, we have also used another encryption algorithm which is the Rail Fence Encryption cipher. This simple transposition cipher scrambles the letters of the plaintext (in our case the text encrypted through the above algorithm) without causing any change to the original characters. Example: If the string to be encrypted is suppose Hello World then performing a depth-2 Rail Fence cipher will change it to HloWrdel ol Algorithm 3 After the message and the password have passed through the ciphers described above they are XORed together to form a single string. To perform XOR operation we find the ASCII value for both the text and
Department of Information Technology (NEHU) Page |23

the password and then perform binary XOR operation on them. After that we change it back again to String. Example: The XOR operation between the text Hello World and password 12345 gives us the following string: yW_XZe\FYU. Only after the message has passed through these encryption parts are they embedded in the image using one of the steganography algorithm described above.

1.4 Applications of our project


1. Confidential communication and secret data storing 2. Protection of data alteration 3. Access control system for digital content distribution 4. Media Database systems

1.5 Proposed Solution Strategy


We have created a simple UI wherein the user has the ability to enter the text he wants to hide via a Textbox. After that he is given the opportunity to choose a picture which he wants to use as carrier image. The system has an inbuilt checker which will check if the image format (BMP in our case) is correct and if the image size is big enough to hide the text. Very small images (< 64*64) are not allowed to be imported. The user can then enter his password which he wants to use to encrypt the image. An additional confirm password box is created so that there is no typing mistakes. User can also choose to see the internal
Department of Information Technology (NEHU) Page |24

proceedings of the software (the encryption part) or he can choose a basic view for the application. For decrypting an image, a user simply has to choose the image which he wants to decode and provide the correct password. The decrypted text will then be shown to him. He will have the option to then save the text in an external text file. An extensive user manual is written for the help of the user.

2. SOFTWARE REQUIREMENT SPECIFICATION:


2.1 Introduction
2.1.1 Purpose
We have chosen to use Steganography as our project as it is somewhat new in the field of security and we felt that it could have a huge impact in the future (if not already). The main purpose of our project is to create a user-friendly application which can solve the security concerns in message passing at least to some extent.

2.1.2 Definitions
All the definitions are explained in Appendix A.

2.2 Overall Description


Department of Information Technology (NEHU) Page |25

2.2.1 Product Function


There is only one kind of user for our product. The general user will be able to perform all the operations on the product after installing the product on his machine. Microsoft .NET Framework 3.0 or higher is required to install the product.

2.2.2 User Characteristics


Any user with a little knowledge of computers and security will be able to operate our application.

2.2.3 Dependencies
The system only depends on the fact that Microsoft .NET Framework 3.0 or higher is installed. Also BMP images of reasonable size are required to carry out Steganography.

2.3 Functional Requirements


2.3.1 Use Case Diagram

Department of Information Technology (NEHU)

Page |26

2.3.2 Use Case Specification


Primary actor: The general targeted audience are the only primary users for our system. Pre condition: Microsoft .NET framework 3.0 is installed. The user has to import an image and has to provide the text. Main Scenarios: There are a number of main scenarios in our project. 1. Import an image for encryption. 2. Import an image for decryption. 3. Choose between the basic and the advanced view.

Department of Information Technology (NEHU)

Page |27

4. The user can see a detailed help file in .chm format. 5. Save decrypted file in a textbox. 6. Clear the boxes for new encryption.

2.3.3 Performance Requirements


A computer running Windows XP/Vista/7 is required for the application to run. Microsoft .NET Framework 3.0 or higher is required. A keyboard or a mouse is required to operate the application.

2.4 Non Functional Requirements


2.4.1 Performance
The embedded image generated should not contain any distortion. Also the application should be secure to statistical and comparison steganalysis.

2.4.2 Reliability
The product should not crash under any circumstance such as user entering invalid values, user trying to load unsupported files etc. It should show appropriate message for every user generated message.

2.4.3 Portability
Our product will be portable to carry and will run in any machine provided it runs a Windows Operating System. We have created an installer which compiles all files into a single executable (.msi). Only this file is required to successfully install the application on any computer.

2.5 Data Flow Diagrams


Data flow diagrams are the basic building blocks that define the flow of data in a system to the particular destination and difference in the
Department of Information Technology (NEHU) Page |28

flow when any transformation happens. It makes whole procedure like a good document and makes simpler and easy to understand for both programmers and non-programmers by dividing into the sub process. The data flow diagrams are the simple blocks that reveal the relationship between various components of the system and provide high level overview, boundaries of particular system as well as provide detailed overview of system elements.

The data flow diagrams start from source and ends at the destination level i.e., it decomposes from high level to lower levels. The important things to remember about data flow diagrams are: it indicates the data flow for one way but not for loop structures and it doesnt indicate the time factors. This section reveals about the data flow analysis which states about data that have been used, classification of data flow diagrams based on their functions and the other different levels used in the project.

Data flow processes:


It will define the direction i.e., the data flow from one entity to another entity. It is the place or physical location where the data is stored after extraction from the data source.

Process:
Process defines the source from where the output is generated for the specified input. It states the actions performed on data such that they are transformed, stored or distributed.

Data store:
Source: It is the starting point or destination point of the data, stating point from where the external entity acts as a cause to flow the data towards destination
Department of Information Technology (NEHU) Page |29

2.5.1 Level 0 Data Flow Diagram DFD level 0 is the highest level view of the system, contains only one process which represents whole function of the system. It doesnt contain any data stores and the data is stored with in the process. For constructing DFD level 0 diagram for the proposed approach we need two sources one is for source and another is for destination and a process.

Figure 11. Level 0 Data Flow Diagram

DFD level 0 is the basic data flow process, the main objective is to transfer the data from sender to receiver after encryption.

2.5.2 Level 1 Data Flow Diagram

Department of Information Technology (NEHU)

Page |30

Figure 12. Level 1 Data Flow Diagram In this data flow diagram, the secret data is sent to the encryption phase for embedding the data into the image for generating the carrier image. In the next phase the carrier image is sent to the decryption phase through the transmission phase. The final phase is the decryption phase where the data is extracted from the image and displays the original message.

2.5.3 Level 2 Data Flow Diagram


The image and the text document are given to the encryption phase. The encryption algorithm is used for embedding the data into the image. The resultant image acting as a carrier image is transmitted to the decryption phase using the transmission medium. For extracting the message from the carrier image, it is sent to the decryption section. The plain text is extracted from the carrier image using the decryption algorithm.

Department of Information Technology (NEHU)

Page |31

Figure 13. Level 2 Data Flow Diagram

2.6 Activity Diagram

Figure 14. Activity Diagram

Department of Information Technology (NEHU)

Page |32

The sender sends the message to the receiver using three phases. Since we are using the steganographic approach for transferring the message to the destination, the sender sends text as well as image file to the primary phase i.e., to encryption phase. The encryption phase uses the encryption algorithm by which the carrier image is generated. The encryption phase generates the carrier image as output. The carrier image is given as input to the next phase i.e., to decryption phase. The decryption phase uses the decryption algorithm for decrypting the original text from the image so that the decryption phases generate plain text. The plain text is then sent to the receiver using the transmission media.

Department of Information Technology (NEHU)

Page |33

3. DESIGN STRATEGY
3.1 Overview
The software development portion of this project focuses on an implementation of most of the steganographic techniques as described in Part I. This means that the end-product will provide a means for its users to embed a message within animage using one of several different steganographic algorithms This chapter provides details of the aims and objectives of the development portion of the project, and also discusses the methodologies and design principles that were considered whilst building the system.

3.2 Intentions & Considerations


The end-product is intended to aid an education in the fields of steganography. As the range of end-user can range from a complete novice to a more advanced user (in terms of their prior knowledge in the research area), the end-product will provide a Graphical User Interface (GUI) in order to accommodate all user types. By developing the functions such that they are self-contained, it is possible that they can be used in association with an external bulk processing function in order to obtain results from a wide selection of source images very quickly. If this can be achieved successfully, the system will not only appeal to students who wish to learn more about steganography, it will also mean that the tools are useful for steganalysis in a more active capacity. Subsequently, whilst the main focus was on producing a good user interface for each of the functions, attention was also paid to ensuring the longevity of the system as a whole.

Department of Information Technology (NEHU)

Page |34

Also, by developing the functions in this manner, it means that new functions can easily be added that can operate alongside the existing functions. Thus, over time, the system has the potential to be highly desirable in the field of steganalysis.

3.3 Development Tools


We have chosen to use Microsoft .NET to build this application. Microsoft .NET is a framework developed by Microsoft in the year 2002. The main aim of the .NET framework is to build web and user interactive GUI (Graphical User Interface) applications. The Windows forms web application classes that are used for creating new windows form based applications. Microsoft .NET is a user friendly language which helps us build the required web application easily. So, we preferred using the .NET framework over the other enterprise frameworks. Some features of .NET are :

and running web applications and web services.

Forms. Jscript.

languages for example JAVA because in .NET the coding is very easier.

ODBC. n build web applications as required, the applications are highly secure because it uses access control lists and security identifiers.

Department of Information Technology (NEHU)

Page |35

CLR. The Common Language Runtime (CLR) is heart to .NET framework.

runs only on platforms that support CLR. Now, in this project we have chosen Microsoft .NET platform for building this Windows based steganographic application. The main components of .NET which used in this project are Visual Basic 2008.

3.4 Visual Basic


Visual Basic is the one of the component in Microsoft Visual studio which works similar to Visual C#. Creating applications using Visual Basic is easier compared to the JAVA.

tool box so that required tool like radio button, text boxes etc., can be placed.

functions. This can be done using Visual Basic coding.

designer tool.

.vb extension. When we click on debug option the .NET architecture creates the class file.

converts the class file into the machine language that is compatible with the hardware since CLR supports cross-language integration.

Department of Information Technology (NEHU)

Page |36

as well as web applications.

3.5 Features of the proposed method


In this project, the proposed method should provide better security when transmitting or transferring the data or messages from one end to another. The main objective of the project is to hide the message or a secret data into an image which further act as a carrier of secret data and to transmit to the destination securely without any modification. If there are any perceivable changes when we are inserting or embedding the information into the image or if any distortions occur in the image or on its resolution there may be a chance for an unauthorised person to modify the data. So, the data encryption into an image and decryption and steganography plays a major role in the project. The three important sections in the project are: Encryption: Encryption is done to provide an extra security level to our application. Even if the secret is compromised and someone came to know that there is some secret data in the image, he still cannot view it because of the encryption. Steganography: The steganography part is done using the algorithms described above. The main feature of steganography is that the picture should not be distorted and the size of the original image to the modified image should remain the same. Decryption: The decryption part is completely opposite to the encryption part described above. It requires the user to provide a correct password and the data in the image will decrypted.

Department of Information Technology (NEHU)

Page |37

6. RESULTS AND CONCLUSION


6.1 Result
The Stegenographic schemes which were present for more than 1000 years were studied and analyzed in details in this report. Various algorithms were analyzed, compared and implemented. For designing the steganographic application, we worked on different phases like encryption, decryption and data transmission. An application for sending the personal data securely to the destination has been developed successfully. The design phase is the primary phase, which gives a brief idea about the different levels used for developing an application with the help of block diagrams. The software is designed in a user friendly manner. So, it is simple to use for developing a prototype of the application. The most important phase in the project is the execution phase. The execution phase is developed with the help of design phase. For executing the application, we worked on two sections: one is encryption and another is decryption. As we designed the program using .NET platform, the next part is debugging the program. We faced some problems when writing the code, but at last we were successful in executing the program without errors. We used different approaches for testing the application, which helped us to know about the limitations. In this project we mainly concentrated on embedding the data into an image. We have designed the steganographic application which embedded the data into the image. Normally, after embedding the data into the image, the image may lose its resolution. In the proposed approach, the image remains unchanged in its resolution as well in size. The speed of embedding the data into the image is also high in the proposed approach such that the image is protected and the data to the
Department of Information Technology (NEHU) Page |38

destination is sent securely. For the decryption phase, we have used the same .NET programming language for the purpose of designing. We have used security keys like personal password for protecting the image from unauthorized modification, which improved the security level. We have chosen image steganography because it is simple to use and its user friendly application. There are many applications for image hiding but the proposed approach is created using Microsoft .NET frame work which is easier for coding and the performance is better compared to other languages.

6.2 Conclusion
In the present world, the data transfers using internet is rapidly growing because it is so easier as well as faster to transfer the data to destination. So, many individuals and business people use to transfer business documents, important information using internet. Security is an important issue while transferring the data using internet because any unauthorized individual can hack the data and make it useless or obtain information un- intended to him. The proposed approach in this project uses a new steganographic approach called image steganography. The application creates a stego image in which the personal data is embedded and is protected with a password which is highly secured. The main intention of the project is to analyze the various steganography algorithms and develop a steganographic application using those algorithms such that it provides good security. The proposed approach provides higher security and can protect the message from stego attacks. The image resolution doesnt change much and is negligible when we embed the message into the image and the image is protected with the personal password. So, it is not possible to damage the data by unauthorized personnel.

Department of Information Technology (NEHU)

Page |39

This project gave us good experience in dealing with the data security issues in theoretical as well as in technical domain and in .NET programming as we used Microsoft visual studio for designing steganographic application. We did the project in satisfactory level with the help and good guidance from our supervisor Mr. A.K. Maji. The major limitation of the application is designed for bit map images (.bmp). It accepts only bit map images as a carrier file, and the compression depends on the document size as well as the carrier image size.
.

6.3 Future Work

Department of Information Technology (NEHU)

Page |40

REFERENCE
1] Alfred J, M et al., 1996. Hand book of applied Cryptography. First edition. 2] Bloom,J. A. et al., 2008. Digital watermarking and Steganography. 2nd edition. 3] A. Westfeld. "F5 - A Steganographic Algorithm: High Capacity Despite Better Steganalysis", Lecture Notes in Computer Science, vol. 2137, pp. 289302, 2001. 4] X. Yu, Y. Wang, and T. Tan, "On Estimation of Secret Message Length in JSteglike Steganography", Proceedings of the 17th International Conference on Pattern Recognition, vol. 4, pp. 673-676, 2004. 5] Q. Weiwei, G. Yanqing, and K. Xiangwei. "JPEG QuantizationDistribution Steganalytic Method Attacking JSteg", International Journal of Computer Science and Network Security, vol. 6, pp. 192195. 6] Bandyopadhyay, S.K., 2010. An Alternative Approach of Steganography Using Reference Image. International Journal of Advancements in Technology, 1(1), pp.05-11. 7] www.ijcaonline.org/journal/number15/pxc387502.pdf 8] S. William, Cryptography and Network Security: Principles and Practice, 2nd edition, Prentice-Hall, Inc., 1999 pp 23-50 9] http://www.jjtc.com/pub/r2026.pdf 10] Hide & Seek: An Introduction to Steganography: Niles Provos and Peter Honey man, IEEE Security & Privacy Magazine, May/June 2003.

Department of Information Technology (NEHU)

11] Image Compression and Discrete Cosine Transform - Ken Cabin and Peter Gent, Math 45 College of the Redwoods,1998 12] Steganography Primer - Ruid, Computer Academic underground, 2004

13] Artz, D., Digital Steganography: Hiding Data within Data, IEEE Internet Computing Journal, June 2001 14] Owens, M., A discussion of covert channels and steganography, SANS Institute, 2002 15] Petitcolas, F.A.P., Anderson, R.J. & Kuhn, M.G., Information Hiding A survey, Proceedings of the IEEE, 87:07, July 1999 ii 16] Bender, W., Gruhl, D., Morimoto, N. & Lu, A., Techniques for data hiding, IBM Systems Journal, Vol. 35, 1996 17] Jamil, T., Steganography: The art of hiding information is plain sight, IEEE Potentials, 18:01, 1999. 18] Currie, D.L. & Irvine, C.E., Surmounting the effects of lossy compression on Steganography, 19th National Information Systems Security Conference, 1996 19] Artz, D., Digital Steganography: Hiding Data within Data, IEEE Internet Computing Journal, June 2001 20] Anderson, R.J. & Petitcolas, F.A.P., On the limits of steganography, IEEE Journal of selected Areas in Communications, May 1998 21] http://www.devx.com/projectcool/Article/19997 22] Glenford et al., 2004. The art of software testing. 2nd edn, pg no. 183, john wiley.
Department of Information Technology (NEHU)

Hellman, M.E., 2002. An overview of public key cryptography. IEEE comm. 23] M. Naor and A. Shamir, Visual cryptography, in Advances in Cryptology: EUROCRYPT 94 (A. De Santis, ed.), vol. 950 of Lecture Notes in Computer Science, pp. 112, Springer, 1995. 24] O. Goldreich, Foundations of Cryptography: Basic Tools. Cambridge University Press, 2001. 25] www.zurich.ibm.com/~cca/papers/encyc.pdf 26] www.infosecwriters.com/text_resources/pdf/steganographyDTEC682 3.pdf 27] www. paper.ijcsns.org/07_book/201008/20100825.pdf 28] www.scribd.com/doc/... /Internet & Technology 29] www.computing.surrey.ac.uk/personal/st/H.Schaathun/.../phil-msc.pdf 30] www.jiit.ac.in/jiit/ic3/IC3_2008/IC3-2008/APP2_21.pdf 31] www.scribd.com/doc/.../Steganography-View 32] Amirthanjan,R. Akila,R & Deepikachowdavarapu, P., 2010. A Comparative Analysis of Image Steganography, International Journal of Computer Application, 2(3), pp.2-10. 33] Chan, C.K. Cheng, L.M., 2004. Hiding data in images by simple lsb substitution: pattern recognition.vol 37. Pergamon. 34] Kahate, A., 2008. Cryptography and network security. 2nd ed. McGraw-hill.

Department of Information Technology (NEHU)

35] Kevin, H., 2006. Microsoft Visual Basic 2005 unleashed. 4th edn, SAMS. 36] D. Fu, Y. Shi, D. Zou, and G. Xuan. "JPEG Steganalysis Using Empirical Transition Matrix in Block DCT Domain", IEEE: 8th Workshop on Multimedia Signal Processing 2006, pp. 310-313, 2006. 37] M. Halvorson,. Visual basic 2008, Step by Step. 38] Evangelos Petroutsos and Mark Ridgeway,: Mastering Microsoft Visual Basic 2008 39] Rod Stephens,: Visual Basic 2008-Programmers Reference. 40] Microsoft MSDN help.

Department of Information Technology (NEHU)

APPENDIX A
Steganography: It is the process of hiding digital data (text, image, audio or video) within another digital data (text, image, audio or video). Steganography Algorithms: These are the techniques by which we can hide a media within another media. Steganalysis: Steganalysis is the art and science of detecting messages hidden using steganography; this is analogous to cryptanalysis applied to cryptography. Cryptography: It is the process of encrypting a media so that it is not possible to understand without decrypting. Internet Security: Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption. Security Attacks: The data is transmitted from source to destination which is known as its normal flow. But the hackers might hack the network in order to access or modify the original data. These types of attacks are formally known as security attacks. .NET Framework: The .NET Framework (pronounced dot net) is a software framework that runs primarily on Microsoft Windows. It includes a large library and supports several programming languages which allow language interoperability (each language can use code written in other languages). The .NET library is available to all the programming languages that .NET supports. Programs written for the .NET Framework execute in a software environment (as contrasted to hardware environment), known as the Common Language Runtime (CLR), an application virtual machine that provides important services
Department of Information Technology (NEHU)

such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework. Visual Basic: Visual Basic (VB) is the third-generation event-driven programming language and integrated development environment (IDE) from Microsoft for its COM programming model. Visual Basic is relatively easy to learn and use. Visual Basic was derived from BASIC and enables the rapid application development (RAD) of graphical user interface (GUI) applications, access to databases using Data Access Objects, Remote Data Objects, or ActiveX Data Objects, and creation of iii ActiveX controls and objects. Scripting languages such as VBA and VBScript are syntactically similar to Visual Basic, but perform differently. Graphical User Interface: It is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and office equipment. A GUI represents the information and actions available to a user through graphical icons and visual indicators such as secondary notation, as opposed to text-based interfaces, typed command labels or text navigation. The actions are usually performed through direct manipulation of the graphical elements. Common Language Runtime (CLR): The Common Language Runtime (CLR) is a special run time environment that provides the underlying infrastructure for Microsoft's .NET framework. This runtime is where the source code of an application is compiled into an intermediate language called CIL, originally known as MSIL (Microsoft Intermediate Language). When the program is then run, the CIL code is translated into the native code of the operating system using a just-in-time (JIT) compiler. Discrete Cosine Transformation: A discrete cosine transform (DCT) expresses a sequence of finitely many data points in terms of a sum of cosine functions oscillating at different frequencies. DCTs are important to numerous applications in science and engineering, from lossy compression of audio (e.g. MP3) and images (e.g. JPEG) (where small
Department of Information Technology (NEHU)

high-frequency components can be discarded), to spectral methods for the numerical solution of partial differential equations. The use of cosine rather than sine functions is critical in these applications: for compression, it turns out that cosine functions are much more efficient (as explained below, fewer are needed to approximate a typical signal), whereas for differential equations the cosines express a particular choice of boundary conditions. XOR Operation: In cryptography, the simple XOR cipher is a simple encryption algorithm that operates according to the principles: A A (A (B 0 = A, A = 0, B) A) C=A A=B (B C),

0 = B,

Where denotes the exclusive disjunction (XOR) operation. With this logic, a string of text can be encrypted by applying the bitwise XOR operator to every character using a given key. To decrypt the output, merely reapplying the key will remove the cipher. For example, the string "Wiki" (01010111 01101001 01101011 01101001 in 8-bit ASCII) can be encrypted with the key 11110011 as follows: 01010111 01101001 01101011 01101001 11110011 11110011 11110011 11110011 = 10100100 10011010 10011000 10011010 And conversely, for decryption: 10100100 10011010 10011000 10011010 11110011 11110011 11110011 11110011

Department of Information Technology (NEHU)

01010111 01101001 01101011 01101001

.CHM File Format: Microsoft Compiled HTML Help is a Microsoft proprietary online help format. It was introduced as the successor to Microsoft WinHelp with the release of Windows 98, and is still supported in Windows 7.

Department of Information Technology (NEHU)